Skip to main content

Data Collection and Usage

We prioritize the privacy and security of all data collected through our camera systems and associated services. Our system is designed to capture images within refrigerated spaces in commercial environments, such as supermarkets and stores, for stock monitoring purposes.

Device Captured Data

The camera system does not have any personally identifiable information or store information stored in the device itself. It does not have any capabilities to track individuals or information about them. It captures:

Still images

  • No video or audio is recorded, and the device does not have such capabilities
  • Images are typically taken at door open facing the inside contents of the refrigerator/freezer -- strictly for the purpose of stock monitoring
  • Cameras are inward facing to ensure only the content of the refrigerator/freezer are captured
  • Images are generally captured once or twice a day on pre-scheduled time

Other Data

  • Periodic temperature readings
  • Door open/close timestamps

Personal Data

To provide access to our services for licensed users, we collect personal information such as usernames and email addresses. We may also log browser and IP address information for security and auditing purposes. Logging is done in compliance with GDPR's data minimization principles, ensuring that only essential data is collected and retained.

Customer-Provided Data

Our customers provide data related to outlets (stores), products, and planograms to enable us to process images effectively. Occasionally, customers may also provide contact information for store managers or sales personnel to facilitate notifications. This data is explicitly used for fulfilling contractual obligations and legitimate interests of the stock monitoring services only.

Accidental Capture of Personal Data (Photos)

In rare instances, images might capture parts of individuals' bodies. We employ AI technology to automatically remove such data. Images are processed to ensure that any accidentally captured personal information is deleted or anonymized as soon as possible.

Data Usage and Access

The data we collect is used exclusively to deliver our stock monitoring services. Specifically:

  • Service Provision: Personal data is utilized to grant access to authorized users and notify them of necessary actions.

  • Internal and External Access: Data access is strictly limited to authorized users, including our customers' designated personnel, our internal teams, and approved subcontractors, all of whom are bound by confidentiality agreements and GDPR compliance.

  • Develop and improve products and services: The stock related data such as product information may be used to improve our recognition services. Anonymized data logs may be used to improve the performance of specific areas of our applications and services.

  • Tracking and analyzing usage of services: Cookies and application logs are used to monitor and analyze the usage of our applications and services only. We do not track anonymous users and only authorized users are tracked.

Data Storage Location

Data is stored in USA with a geo-redundancy fail-over site in Australia. Alternate storage location may be agreed upon based on agreements. All the data is encrypted in transit using mechanisms such as TLS security protocols.

Data Protection and GDPR Compliance

We are fully committed to GDPR compliance and protecting the privacy of all individuals:

  • Data Security: All personal data is stored securely, and access is restricted to authorized personnel only. We employ state-of-the-art encryption and access control mechanisms to safeguard the data. The access to infrastructure is limited based on the location and user accounts. Data transfer in transit is encrypted using mechanisms such as TLS.

  • Data Minimization: We only collect the minimum necessary personal information required to provide our services. Regular reviews are conducted to ensure that only necessary data is retained, and unnecessary information is removed.

  • Rights of Data Subjects: Individuals have the right to access, rectify, or request the deletion of their personal data. Requests can be directed to our Data Protection Officer at mail@coolrgroup.com or to general support at support@coolrgroup.com. We have a 7-day turn-around time for any such requests.

  • Data Retention: Personal data is retained only as long as necessary to fulfill the purposes for which it was collected or as required by law. Logs are stored for a maximum of 6 months.

  • Data Breach Protocol: In the unlikely event of a data breach, we have protocols in place to promptly notify affected individuals and the relevant supervisory authority, as required by GDPR.

Third-Party Processing

We may share data with third-party service providers (subcontractors) for processing on our behalf. All third-party processors are carefully vetted to ensure GDPR compliance and are contractually obligated to adhere to our data protection standards.

Contact Information

For any queries or concerns regarding your personal data or our data protection practices, please contact our Data Protection Officer at mail@coolrgroup.com.